Security Basics mailing list archives

Re: Survey: Chat and IM


From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 02 Dec 2002 11:44:43 -0800

From: Jason Yates <jaywhy2 () comcast net>
> But don't think banning AIM is as easy as a firewall rule. Let me give you a personal example. A previous employer of mine decided blocking instant messaging was a good idea. They simply blocked, on the firewall, the default port AIM uses; problem fixed, right? The problem with this solution was that AIM has an Auto Connection feature that allows AIM clients to search every port until it finds one it can connect to AOL servers with. Since we allowed external FTP connections, AIM would simply use port 21 to connect to the AOL servers. Even if we block every port at the firewall, people can still talk through AIM through web proxies. This is when my previous employer eventually gave up on the policy.
> Good luck, you'll need it. =)

No problem, you're just trying to block it at the wrong level of the OSI model, you need a firewall that has layer 7 (application) filtering. ISA server from M$ can do this, probably Checkpoint, PIX, etc. If you're running a Linux firewall (iptables for example), you could probably write a script which checks the application attempting to access the port, and write a rule that rejects AIM connections from internal clients.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"And here in our server room you can see our Beowulf Cluster of C64's that keeps our enterprise on the very cutting edge of technology."
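A small illustration of the layer 7 point raised in this reply, added here as an example (not code from the poster or from any of the products named): it recognises AIM's OSCAR FLAP framing from the payload itself and shows that the port-21 connection described in the quoted story passes a port-only rule but fails an application-layer one. The sample flows, the rule functions and the hand-built FLAP frame are constructed for the example; 5190 is AIM's usual default port.

```python
import struct
from typing import Optional

# OSCAR (AIM) FLAP framing: marker byte 0x2A, 1-byte channel, 2-byte big-endian
# sequence number, 2-byte big-endian data length, then the data.
FLAP_MARKER = 0x2A
FLAP_CHANNELS = {1: "login", 2: "snac", 3: "error", 4: "close", 5: "keepalive"}
AIM_DEFAULT_PORT = 5190

def parse_flap(payload: bytes) -> Optional[dict]:
    """Return the FLAP header fields if payload is a well-formed frame, else None."""
    if len(payload) < 6 or payload[0] != FLAP_MARKER:
        return None
    channel, seq, length = struct.unpack("!BHH", payload[1:6])
    if channel not in FLAP_CHANNELS or len(payload) < 6 + length:
        return None  # text that merely starts with '*', or a truncated frame, is not AIM
    return {"channel": FLAP_CHANNELS[channel], "seq": seq, "data": payload[6:6 + length]}

def classify(dst_port: int, payload: bytes) -> str:
    """Layer 7 check: identify the application from the payload, not from the port."""
    if parse_flap(payload) is not None:
        return "aim-oscar"
    if dst_port == 21 and payload[:4] in (b"220 ", b"USER", b"PASS"):
        return "ftp"
    return "unknown"

def port_rule_allows(dst_port: int) -> bool:
    """The port-only rule from the story: block AIM's default port, allow everything else."""
    return dst_port != AIM_DEFAULT_PORT

def l7_rule_allows(dst_port: int, payload: bytes) -> bool:
    """Application-layer rule: reject AIM traffic on whatever port it shows up."""
    return classify(dst_port, payload) != "aim-oscar"

# Constructed sample flows (destination port, first client bytes). LOGIN_FLAP is a
# hand-built channel-1 login frame carrying protocol version 1.
LOGIN_FLAP = b"\x2a\x01\x00\x01\x00\x04" + b"\x00\x00\x00\x01"
SAMPLE_FLOWS = [
    (21, b"USER anonymous\r\n"),          # real FTP: allowed by both rules
    (AIM_DEFAULT_PORT, LOGIN_FLAP),       # AIM on its default port: both rules block it
    (21, LOGIN_FLAP),                     # AIM auto-connect over port 21: only the L7 rule blocks it
    (21, b"*** not a FLAP frame ***"),    # '*'-prefixed text with an invalid channel byte
]

def compare_rules(flows):
    """Return (port, app, port_rule_allows, l7_rule_allows) for each flow."""
    return [(p, classify(p, d), port_rule_allows(p), l7_rule_allows(p, d)) for p, d in flows]

if __name__ == "__main__":
    for row in compare_rules(SAMPLE_FLOWS):
        print("port=%-5d app=%-9s port_rule=%-5s l7_rule=%s" % row)
```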
